3.11.6 Procedure for creating an MDM signed-certificate request file (when managing iOS devices)

To create MDM client certificates, you need to change the format of the MDM certificate request file, and then create an MDM signed-certificate request file. You need to perform this procedure only when managing iOS devices.

Prerequisites

• You must purchase a license for the iOS Developer Enterprise Program.

• You must perform the procedure on a Mac PC.

• You must download the MDM certificate request file (mdm.cer) in advance.

Procedure

1. Double-click the downloaded MDM certificate request file (mdm.cer) to import it to Keychain Access, and then export the file in PKCS#12 format.

   Specify vendor.p12 as the export file name.

   Tip

   Set a password when exporting the file. The password set here will be registered in step 6.

2. Obtain the following root certificate and intermediate certificate from Apple:

   • Apple Root CA (AppleIncRootCertificate.cer)

   • Apple Worldwide Developer Relations CA (AppleWWDRCA.cer)

3. Execute the following commands from the terminal to convert the cer files to pem format:

   openssl x509 -inform der -in mdm.cer -out mdm.pem
   openssl x509 -inform der -in AppleWWDRCA.cer -out intermediate.pem
   openssl x509 -inform der -in AppleIncRootCertificate.cer -out root.pem

4. Execute the following commands from the terminal to create a customer certificate request:

   • Create a private key:

   openssl genrsa -des3 -out customerPrivateKey.pem 2048

   • Create the customer certificate request:

   openssl req -new -key customerPrivateKey.pem -out customer.csr

   • Convert the customer certificate request to der file format:

   openssl req -inform pem -outform der -in customer.csr -out customer.der

5. Copy the following five created files to the communication server:

   • customer.der

   • vendor.p12

   • mdm.pem

   • intermediate.pem

   • root.pem

6. Execute the following command from the command prompt to create an MDM signed-certificate request file:

   sdmcreatemdmcertreq -f "folder-storing-files" -o "MDM-signed-certificate-request-file-output-folder" -a common-name-set-when-creating-the-certificate-request-file -p password-set-when-exporting-vendor.p12

Postrequisites

Create MDM client certificates.

Related Topics

• 3.11.4 Flow of obtaining the MDM client certificate for SSL communication for the APNs server (when managing iOS devices)

• 3.11.5 Procedure for downloading the MDM certificate request file (when managing iOS devices)

• 3.11.7 Procedure for creating MDM client certificates (when managing iOS devices)

• 15. sdmcreatemdmcertreq (creating an MDM signed-certificate request file)

To Page Top